Vulnerability Name:

CVE-2007-3798 (CCN-35508)

Assigned: 2007-07-10
Published: 2007-07-10
Updated: 2018-10-15
Summary: Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.2 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-189
CWE-190
Vulnerability Consequences: Gain Access
References:

Source: CCN
Type: BugTraq Mailing List, Mon Dec 17 2007 - 15:47:29 CST
Apple OS X Software Update Remote Command Execution

Source: CCN
Type: Gentoo Bugzilla Bug 184815
net-analyzer/tcpdump <= 3.9.6 BGP dissector integer overflow (CVE-2007-3798)

Source: CONFIRM
Type: UNKNOWN
http://bugs.gentoo.org/show_bug.cgi?id=184815

Source: MITRE
Type: CNA
CVE-2007-3798

Source: CCN
Type: tcpdump Web site
CVS log for tcpdump/print-bgp.c

Source: MISC
Type: UNKNOWN
http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11&r2=1.91.2.12

Source: CCN
Type: Apple Web site
About Security Update 2007-009

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=307179

Source: APPLE
Type: UNKNOWN
APPLE-SA-2007-12-17

Source: CCN
Type: RHSA-2007-0368
Moderate: tcpdump security and bug fix update

Source: CCN
Type: RHSA-2007-0387
Moderate: tcpdump security and bug fix update

Source: CCN
Type: SA26135
tcpdump print-bgp.c Buffer Overflow Vulnerability

Source: SECUNIA
Type: Vendor Advisory
26135

Source: SECUNIA
Type: Vendor Advisory
26168

Source: SECUNIA
Type: Vendor Advisory
26223

Source: SECUNIA
Type: Vendor Advisory
26231

Source: SECUNIA
Type: Vendor Advisory
26263

Source: SECUNIA
Type: Vendor Advisory
26266

Source: SECUNIA
Type: Vendor Advisory
26286

Source: SECUNIA
Type: Vendor Advisory
26395

Source: SECUNIA
Type: Vendor Advisory
26404

Source: SECUNIA
Type: Vendor Advisory
26521

Source: SECUNIA
Type: Vendor Advisory
27580

Source: CCN
Type: SA28136
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
28136

Source: CCN
Type: FreeBSD-SA-07:06
Buffer overflow in tcpdump(1)

Source: FREEBSD
Type: UNKNOWN
FreeBSD-SA-07:06

Source: GENTOO
Type: UNKNOWN
GLSA-200707-14

Source: CCN
Type: SECTRACK ID: 1018434
Tcpdump Buffer Overflow in `print-bgp.c` Lets Remote Users Execute Arbitrary Code

Source: SLACKWARE
Type: UNKNOWN
SSA:2007-230-01

Source: CCN
Type: ASA-2007-528
tcpdump security and bug fix update (RHSA-2007-0387)

Source: DEBIAN
Type: UNKNOWN
DSA-1353

Source: DEBIAN
Type: DSA-1353
tcpdump -- integer overflow

Source: MISC
Type: UNKNOWN
http://www.digit-labs.org/files/exploits/private/tcpdump-bgp.c

Source: CCN
Type: GLSA-200707-14
tcpdump: Integer overflow

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:148

Source: SUSE
Type: UNKNOWN
SUSE-SR:2007:016

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0368

Source: REDHAT
Type: Vendor Advisory
RHSA-2007:0387

Source: BUGTRAQ
Type: UNKNOWN
20070720 rPSA-2007-0147-1 tcpdump

Source: BID
Type: UNKNOWN
24965

Source: CCN
Type: BID-24965
tcpdump Print-bgp.C Remote Integer Underflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018434

Source: TRUSTIX
Type: UNKNOWN
2007-0023

Source: CCN
Type: TLSA-2007-46
Tcpdump denial of service attack

Source: TURBO
Type: UNKNOWN
TLSA-2007-46

Source: CCN
Type: USN-492-1
tcpdump vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-492-1

Source: CERT
Type: US Government Resource
TA07-352A

Source: VUPEN
Type: Vendor Advisory
ADV-2007-2578

Source: VUPEN
Type: Vendor Advisory
ADV-2007-4238

Source: XF
Type: UNKNOWN
tcpdump-printbgp-overflow(35508)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9771

Source: SUSE
Type: SUSE-SR:2007:016
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:tcpdump:tcpdump:*:*:*:*:*:*:*:* (Version <= 3.9.6)

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20073798 | V | CVE-2007-3798 | 2015-11-16
oval:org.mitre.oval:def:20493 | P | DSA-1353-1 tcpdump - integer overflow | 2014-06-23
oval:org.mitre.oval:def:22387 | P | ELSA-2007:0368: tcpdump security and bug fix update (Moderate) | 2014-05-26
oval:org.mitre.oval:def:9771 | V | Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value. | 2013-04-29
oval:com.redhat.rhsa:def:20070368 | P | RHSA-2007:0368: tcpdump security and bug fix update (Moderate) | 2008-03-20
oval:com.redhat.rhsa:def:20070387 | P | RHSA-2007:0387: tcpdump security and bug fix update (Moderate) | 2008-03-20
oval:org.debian:def:1353 | V | integer overflow | 2007-08-11